At BDO Insurance Brokers, Inc. (“BDOI”), we are committed to protecting your privacy as our client, and even as a visitor to this website. We are bound by, and shall comply with, the Data Privacy Act of 2012 (“Republic Act No. 10173”) and its implementing rules and regulations, other applicable Philippine laws on data privacy, as well as rules and regulations issued by the the Insurance Commission and other regulatory bodies, that uphold data privacy  (collectively, “Data Privacy Laws”).

Collection, Use, Disclosure and Recipients of Personal Information

When you visit our website, or submit to us your application to apply or avail of any of our services or products, or file complaints, inquiries or requests including but not limited to after-sales and claims services, we may manually or automatically collect your personal data (which may include your personal information and sensitive personal information) such as:

1. Your name and other particulars such as contact details, address, email address, birthdate, education; specimen signatures;
2. Government ID details (such as Passport, TIN, SSS, GSIS, Driver's License);
3. Financial information (such as insurance policies, sources of income, investments, and credit cards);
4. Employment details;
5. Images captured via CCTV and other similar recording devices which may be observed when visiting our offices, and/or using our facilities;
6. Voice recordings of our conversations with you, if any;
7. Information about your age, health, accident, confinement, medical records, hospital records, travel itinerary, vehicle, burial, cremation, and the like that we need for us  to perform underwriting, after-sales, and claims services on your policy(ies); 
8. Information about your insurance policy(ies), premium(s), mode(s) and type(s) of payment that we need to perform underwriting, after-sales, and claims services on your policy(ies);
9. Any information, whether or not personal information or sensitive personal information, that we needd to perform underwriting, after-sales, and claims services on your policy(ies); and
10. Non-personal information such as those provided by the device you are using (e.g. your phone) such as the IP address, operating system, browser type and version, and other machine-related identifiers.

We may use web analytic tools, including those of third parties, that use cookies to collect anonymous information and data generated in connection with your activities when you visit the BDOI website (e.g. perform searches, access internal links).

Your personal data may be used, stored, processed, and disclosed by BDOI to members of the BDO Group (consisting of BDO Unibank, Inc. and its subsidiaries including BDOI, and affiliates) as well as third parties5 as may be necessary and allowed by law (i) for legitimate purposes1,(ii) to provide services to you or implement transactions which you request, allow, or authorize, and, (iii) to comply with the BDO Group’s internal policies and its reporting obligations² to governmental authorities³ under applicable laws⁴.

These information are kept secure and only processed by concerned business units of BDO Group.

Phishing Emails

Since the email is not entirely safe, we will not use email to get your confidential information such as account numbers, passwords, and credit card numbers. We encourage you also not to use email to provide your confidential information. An authorized BDOI representative will get in touch with you should we require confidential/other information. We will never ask you to confirm any such information by clicking on a link in an email. Should you happen to receive an email containing a purported link to our website, asking you to provide or confirm confidential information, kindly ignore this and do not attempt to access the link to get to our site. These links may take you to a spoofed site that could send all information you enter to the hacker who designed the site.

Unsolicited Emails

Unless we have an existing relationship6 with you, we shall not transmit marketing emails to you without your consent. Any marketing emails that we send shall prominently display a return e-mail address and shall provide in plain language a simple procedure by which you can notify us that you do not wish to receive such emails.

Security and Retention Period

We have put in place appropriate physical, organizational, and technical controls to maintain the confidentiality, integrity, and availability of your personal data.

Your personal data will be stored in a database for no longer than five (5) years from the conclusion of your transactions with any member of the BDO Group or until the expiration of the retention limits set by applicable law, whichever comes later, after which both physical records and digital files shall be disposed of.

Your Rights

Subject to the requirements, conditions and exemptions under the Data Privacy Laws, you are entitled to the following rights:

1. To be informed
   1. a. Whether personal data pertaining to you shall be, are being, or have been processed, including the existence of automated decision-making and profiling.
   2. b. Be notified and furnished with the information indicated below before the entry of your personal data into our system, or at the next practical opportunity:
      • Description of the personal data to be entered into the system;
      • Purposes for which they are being or will be processed, including processing for direct marketing, profiling or historical, statistical or scientific purpose;
      • Basis of processing, when you have not provided consent;
      • Scope and method of the personal data processing;
      • The recipients or classes of recipients to whom the personal data are or may be disclosed
      • Methods utilized for automated access, if allowed by you, and the extent to which such access is authorized, including meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing;
      • The identity and contact details of the appropriate Bank representative
      • The period for which the information will be stored; and
      • The existence of your rights, including the right to access, correction, and object to the processing, as well as the right to lodge a complaint before the National Privacy Commission (NPC).
2. To object to processing of your personal data, including processing for direct marketing, automated processing, or profiling, and in case of changes or amendments in processing
3. To access your personal data
4. To require BDOI to correct any of your personal data, if inaccurate
5. To obtain a copy of your personal data in an electronic or structured format for your further use
6. To suspend, withdraw, or order the blocking, removal, or destruction of your personal data from BDOI's system. It is understood that if you exercise this particular right, BDOI has the right to terminate the services.
7. To file a complaint with the NPC
8. To be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of your personal data.

Inquiries, clarifications, or requests in relation to this Data Privacy Statement may be addressed to BDOI’s Data Protection Officer at data_protection_officer_bdoinsurance@bdo.com.ph, or to Data Protection Officer, 44F BDO Corporate Center Ortigas, ADB Avenue, Ortigas Center, Mandaluyong.

Changes to Our Data Privacy Statement

We may modify this Data Privacy Statement from time to time to align with changes in relevant laws and regulations as applicable. All updates will be posted in our website.

_______________________________________________

¹ Purposes include but are not limited to credit and risk management, know your customer checks, prevention and detection of fraud or crime, system or product development and planning, profiling, complaints management, insurance, audit and administrative purposes, and relationship management.

² Reporting obligations means obligations of the BDO Group to comply with (a) Applicable Law, and internal policies or procedures, or (b) any demand and/or requests from Government Authorities for purposes of reporting, regulatory trade reporting, disclosure or other obligations under Applicable Law.

³ Governmental authority(ies) mean(s) the government of the Republic of the Philippines or a foreign country, as may be applicable, or any political subdivision thereof, and any entity exercising executive, legislative, judicial, regulatory, or administrative functions of or pertaining to the government.

⁴ Applicable law means any statute, law, constitution, regulation, rule, ordinance, order, decree, directive, guideline, policy, requirement or other governmental restriction or any similar form of decision of, or determination of any of the foregoing by, any national, regional or local government or political subdivision, commission, authority, tribunal, agency or entity of the Republic of the Philippines or a foreign country, as may be applicable.

⁵ Third party refers to a third party (local or overseas):

• That is a Governmental Authority;
• Who acquires or will acquire the rights and obligations of any member of the BDO Group;
• Who is in negotiations with any member of the BDO Group in connection with the possible sale, acquisition or restructuring of any member of the BDO Group;
• Who processes information, transactions, services, insurance policies, or accounts, on behalf of the BDO Group (including but not limited to courier agencies; telecommunication information technology companies; payment, payroll, collection, training, and storage agencies; entities providing customer support, and other similar entities); 
• Who requires the information for audit and administrative purposes.

⁶ Existing relationship is not established by simply visiting, browsing or searching our web sites (Section 11.1 of Insurance Commission Circular Letter No. 2014-47 dated 21 November 2014 entitled Guidelines on Electronic Commerce of Insurance Products).